[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH accounts - basic restriction



On Tue, Feb 06, 2007 at 12:45:57PM +0100, Jarek Buczy?ski wrote:
> 
> I'd like my users don't access to some file for example /etc/*, they
> shouldn't see apache, bind, ftp etc config file. I think it's good practice,
> probably :)
> 
Have you looked at rssh?  It restricts the user to a chroot that is
their own home directory.  If they have no need to access any common
directories, that should work.  If that won't work, then most things in
/etc/ should be owned by root and group root, daemon, www-data or
something similar.  In those cases, you can probably do 'chmod o-rwx
/path/to/some/file', but be careful and make sure that anything that
needs to access that file is running as root or is in the right group.

Regards,

-Roberto

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature


Reply to: